Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/kYAaP3wZbS3tkuqBOAuX4h4ezTc.roa
File:                     kYAaP3wZbS3tkuqBOAuX4h4ezTc.roa (raw, json)
Hash identifier:          rDwx6JdWznW0IvsnQCXfivMv56RciJB+0RVnJ/JMIOM=
Subject key identifier:   91:80:1A:3F:7C:19:6D:2D:ED:92:EA:81:38:0B:97:E2:1E:1E:CD:37
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018AB6FBE9E1F53A748DD5F07D0F1821D442
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/kYAaP3wZbS3tkuqBOAuX4h4ezTc.roa
Signing time:             Thu 21 Sep 2023 09:04:37 +0000
ROA not before:           Thu 21 Sep 2023 09:04:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        77.90.138.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 30 Sep 2023 08:10:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b6:fb:e9:e1:f5:3a:74:8d:d5:f0:7d:0f:18:21:d4:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Sep 21 09:04:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91801a3f7c196d2ded92ea81380b97e21e1ecd37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:42:f9:03:a5:10:d9:b8:2c:b1:4e:4d:60:74:
                    12:8a:90:52:61:02:0c:0c:ca:36:c3:9b:b9:ea:c9:
                    dd:71:9e:8a:86:2c:f8:f8:ae:eb:5e:e2:84:a1:6a:
                    78:a9:b0:2e:89:5f:3a:12:fe:1a:58:3d:4c:7a:64:
                    9a:9c:3c:43:8c:b5:69:77:3f:bb:d6:1a:b8:5e:83:
                    58:ee:89:b3:78:7a:b0:f7:59:c5:ce:6d:ec:b8:16:
                    18:b7:05:00:be:21:a2:1d:da:19:6e:45:7e:65:e0:
                    34:e1:2a:5b:c8:6e:f3:c5:bb:8c:35:92:de:0b:93:
                    c9:da:38:8c:ad:3d:01:1d:7c:d0:28:67:52:f5:a0:
                    e4:47:38:6d:a8:a6:8b:64:a6:82:f0:2a:aa:62:79:
                    74:9d:da:5f:8c:8c:60:8d:e8:a5:97:c6:32:34:c4:
                    09:03:89:1b:97:c1:29:cf:1a:23:c2:3b:ac:d6:10:
                    6e:56:5b:ac:60:e4:4c:ca:75:43:a0:94:80:63:70:
                    bd:bd:df:f0:7b:e9:ee:f0:a3:00:b0:fc:12:69:69:
                    be:82:96:9a:a5:51:7d:8e:1d:c1:ae:dd:aa:78:4d:
                    dd:bc:e9:35:4b:90:50:fa:f4:f9:14:b6:ab:7c:a4:
                    c4:3f:4e:2b:74:df:a1:49:fc:30:35:7b:33:ee:e9:
                    c4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:80:1A:3F:7C:19:6D:2D:ED:92:EA:81:38:0B:97:E2:1E:1E:CD:37
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/kYAaP3wZbS3tkuqBOAuX4h4ezTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:d8:02:ca:8e:cb:65:25:16:82:49:c1:ae:5f:b2:87:ec:71:
         c4:80:99:fe:41:e8:56:64:1b:4e:ae:ed:69:c7:13:29:a1:14:
         ee:a4:db:44:db:aa:c4:54:3b:57:5b:fb:a4:b3:f7:16:1a:7b:
         3b:37:8b:d1:eb:f3:ae:1c:bd:a3:e0:ec:4d:fe:ec:7d:e5:88:
         b6:b7:7c:7e:92:2c:d9:03:ff:f7:3a:e3:b3:f6:29:42:06:c2:
         88:4d:74:0f:cc:fe:a2:46:c8:97:f3:c2:88:f5:9e:27:99:7c:
         b9:2e:2b:b5:70:5c:48:a3:80:41:aa:7c:c2:49:7d:1b:56:e9:
         b1:58:c0:1a:43:21:e4:05:03:04:16:cf:a0:40:96:60:de:30:
         26:b6:63:d3:b6:19:a7:53:b9:99:61:50:43:e4:9b:28:86:56:
         2d:2c:18:c3:f0:19:37:0c:fe:bb:9a:55:8b:e7:4c:c9:7c:b0:
         e5:1e:01:bb:50:d6:19:2a:f8:12:83:d4:82:70:f7:4c:27:ed:
         ae:a4:ab:ad:d8:c1:b0:82:06:1c:14:9e:f5:56:a3:3f:46:e7:
         a7:2d:94:91:54:f0:40:aa:86:9a:c1:9c:32:77:5e:13:2f:c7:
         90:e5:22:b6:f0:66:f4:00:f9:09:41:d0:d5:0b:c0:b8:ff:a5:
         13:fb:c1:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYq2++nh9Tp0jdXwfQ8YIdRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMwOTIxMDkwNDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTgwMWEzZjdjMTk2ZDJkZWQ5MmVhODEzODBiOTdlMjFlMWVjZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikL5A6UQ2bgssU5NYHQSipBSYQIM
DMo2w5u56sndcZ6Khiz4+K7rXuKEoWp4qbAuiV86Ev4aWD1MemSanDxDjLVpdz+7
1hq4XoNY7omzeHqw91nFzm3suBYYtwUAviGiHdoZbkV+ZeA04SpbyG7zxbuMNZLe
C5PJ2jiMrT0BHXzQKGdS9aDkRzhtqKaLZKaC8CqqYnl0ndpfjIxgjeill8YyNMQJ
A4kbl8Epzxojwjus1hBuVlusYORMynVDoJSAY3C9vd/we+nu8KMAsPwSaWm+gpaa
pVF9jh3Brt2qeE3dvOk1S5BQ+vT5FLarfKTEP04rdN+hSfwwNXsz7unEpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGAGj98GW0t7ZLqgTgLl+IeHs03MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEva1lBYVAzd1piUzN0a3VxQk9BdVg0aDRlelRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVqKMA0G
CSqGSIb3DQEBCwUAA4IBAQAR2ALKjstlJRaCScGuX7KH7HHEgJn+QehWZBtOru1p
xxMpoRTupNtE26rEVDtXW/uks/cWGns7N4vR6/OuHL2j4OxN/ux95Yi2t3x+kizZ
A//3OuOz9ilCBsKITXQPzP6iRsiX88KI9Z4nmXy5Liu1cFxIo4BBqnzCSX0bVumx
WMAaQyHkBQMEFs+gQJZg3jAmtmPTthmnU7mZYVBD5JsohlYtLBjD8Bk3DP67mlWL
50zJfLDlHgG7UNYZKvgSg9SCcPdMJ+2upKut2MGwggYcFJ71VqM/RuenLZSRVPBA
qoaawZwyd14TL8eQ5SK28Gb0APkJQdDVC8C4/6UT+8Ef
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:25 2024 by rpki-client on console-ams.rpki-client.org